
PRIVACY 

JOURNAL 


P.O. Box 8844 
Washington, D.C. 20003 
(202) 547-2865 


an independent monthly on privacy in a computer age 


September 1977, Vol. Ill, No. 11 






HOW MUCH IS PRIVACY WORTH TO YOU? 

”A federal judge has decreed — at least for now and perhaps for good — 
that a citizen's right to privacy is worth a dollar." That was the reaction 
of The New Yorker (Aug. 22) to federal judge John Lewis Smith Jr.'s award of $1 
each to former Kissinger aide Morton Halperin and his family after 18 months of 
an illegal wiretap on their home telephone by the Nixon Administration. Halperin 
v. Kissinger et al , C.A. No. 1187-73 (D.D.C.). The federal law violated by the 
Nixon Administration tap calls for damages of at least $100 for each day that 
an illegal tap is in place. 

Attorney General Griffin Bell has another method for measuring the worth of 
an individual's right to privacy. Faced with a decision of whether to approve 
indictments of high FBI officials who conducted unauthorized and illegal break-ins, 
wiretaps, mail-openings and other invasions of privacy. Bell consulted his fan 
mail. He reluctantly agreed to the indictment of one agent named by a grand 
jury last spring simply because the statute of limitations on the offense was 
about to expire. "The mail against me was a hundred to one. And the last time 
we checked I was losing the one," said Bell earlier this summer in explaining 
why he chose not to approve other indictments, even though the evidence was clear 
that the violations had not had the approval of FBI top management nor existing 
law. (See June 1977.) 

The FBI took no disciplinary action. Its assessment of an individual's 
right to privacy is different. Its Office of Professional Responsibility con¬ 
cerned itself in the past year with such "major offenses" as, "A special agent 
voluntarily admitted having an extramarital relationship....The agent's field 
office initially recommended censure, probation, and five days suspension. 
(Headquarters) agreed with the field office recommendations but added that the 
agent should be transferred to another field office and be relieved of his 
supervisory duties." Another special agent accused of (but not admitting) ex¬ 
tramarital affairs, physical abuse of his wife, falsifying expenses and several 
breaches of security received a lesser penalty. This was reported in a critique 
of the FBI's internal inquiries into alleged improprieties by its own staff, by 
Victor L. Lowe of the General Accounting Office before the House Subcommittee on 
Government Information and Individual Rights July 21. 

A federal judge in New York City measured privacy damages in a different way 
from his colleague in the Halperin case. He made the punishment fit the crime. 
Judge Jack B. Weinstein ordered the government to write letters of apology to 
three persons whose mail had been opened by the Central Intelligence Agency. The 

(Continued on page 5) 


Copyright © 1977 Robert Ellis Smith 
ISSN 0145-7659 
















0o P s — of more than 19,000 HEW employees who asked to correct their own files, as 
permitted under the Privacy Act, 99 percent were entitled to a correction 
or amendment to the files. Under HEW privacy regulations, the department must 
make a correction "if the responsible offical agrees that the record is not 
accurate, timely, or complete (or) not relevant or necessary." The same is true 
in other departments; just about all requests to see one's own file come from 
federal employees and just about all requests for correction are approved. With 
the exception of those seeking FBI files, the general public "did not exercise 

^i?hts of access as anticipated" in 1976, according to Second Annual Report 
of the President on Federal Personal Data Systems (Stock Number 041-001-00154-9, 
Government Printing Office, Washington, D.C. 20402) . Few citizens are commenting 
on the hundreds of public notices that must be published under the act, and the 
privacy act has reduced slightly the total number of federal files on people and 
improved the quality of that data, according to the report. 


You Deserve a Byte — If you let your kid sign up for the Ronald McDonald Birthday Club, 
you should know what happens. His or her name gets entered into a computer in 
Baltimore. To handle more than 100,000 applications every month, McDonald's codes 
each one of them on^computer tape so that each kid's birthday is not pH and r.r 
she receives one of eight possible free food offers selected by the store manager. 

One Congressman, who would understand all of this, was asked how he used the 
yearly $12,000 in computer services he is entitled to in the House of Repre¬ 
sentatives. "To make correspondence to my constiuents more personal," he said. 


IN THE STATES 


California's SB 170, fair information practices code for state agencies drafted 
by civil libertarians, has been approved by the State Assembly after amendments 
recommended by Gov. Edmund G. Brown Jr.'s administration. This is an updated 
version of a bill that Brown has twice vetoed, but he has indicated he will sign 
SB 170 if it passes the State Senate. It would limit disclosure of state manual 
or automated files about individuals and permit a citizen to inspect and correct 
records about himself. The governor's aides successfully asked that the bill 
be amended to establish an Office of Information Practices, with which each state 
agency would file notices of its personal data systems. Brown had complained 
that earlier proposals would require too much paperwork and so he signed an 
executive order last October that grants many of the rights established by SB 
170. Many of the administrative requirements formerly in the bill have been 
eliminated at the request of the governor's aides. Law enforcement and the 
universit y system would be exempt from the limits on disclosure of personally 
identifiable data. * * * AB 150, a bill drafted by computer professionals to 
regulate only computer files in government and private business, is pending in 
the Assembly Ways and Means Committee. AB 150 had been suspended pending re¬ 
lease of the federal privacy commission report. It offers the computer pro¬ 
fessional's idea of what ought to be; SB 170 is an example of the layman's. 




QUOTABLE 


"I think it's about time they take those cameras off the bank customers and 
aim them at the bank presidents." 


Johnny Carson, The Tonight Show. Aug. 30, 
1977, in reaction to the banking practices 
revealed in the investigation of Bert Lance. 



- 2 - 


























THE CANADIAN HUMAN RIGHTS ACT: AN ANALYSIS 


By David H. Flaherty 


i r 


The new Canadian Human Rights Act is at best a mixed bag. The same statute 
is designed to extend the present federal laws in Canada that proscribe discrim¬ 
ination and to protect the privacy of individuals. 


Part IV of the Human Rights Act (Bill C-25 passed this summer) grants indi¬ 
viduals the right of access to federal records containing personal information 
about them, for any reason including the purpose of ensuring accuracy and com¬ 
pleteness. It embodies the principle that the privacy of individuals should be 
protected "to the greatest extent consistent with the public interest." The 
typical Canadian limitation incorporated in the last phrase is a portent of what 
is to come. 

Individuals are given a right of access to personal information held about them 
in government files. The most useful provision requires the annual publication 
of an index of each federal information bank containing administrative records, 
which should list the contents of the data files, as well as derivative or rou¬ 
tine uses of the information. If American experience under the Privacy Act of 
1974 is a reliable guide, this requirement will encourage civil servants to destroy 
some of the useless banks of personal information that have accumulated over time. 
The index should also make it easier for researchers to discover just what data 
some government departments hold. The quality of listings in the index will have 
to be monitored to prevent the publication of vague listings which are of no use 
to anyone. 

The government will rely on the issuance of regulations to determine what in¬ 
formation must be listed in the annual index and what procedures will apply when 
an individual wishes to examine and correct his personal file. The 89 Departments 
and government institutions falling within the scope of the legislation will thus 
have too many opportunities to lessen the impact of data protection. 

The quality of the regulations for the implementation of data protection will 
be crucial to the success of the effort. For example, there are no real controls 
in the legislation on inter-agency transfers of administrative records under the 
guise of a derivative use. Citizens are expected to trust the government to act 
in their best interests. 

Personal records are to be used only for the purposes for which they were col¬ 
lected, unless the use is authorized by law or a person has been notified of the 
derivative use. Individuals also have a right to record corrections of errors in 

(Continued on page 4) 


Dr. Flaherty is professor of history and co-principal investigator of the Project 
on Privacy and Access to Government Microdata, University of Western Ontario, London, 
Ontario. He is the author of Privacy in Colonial New England. 



PRIVACY JOURNAL 

ROBERT ELLIS SMITH 

An Independent Monthly on Privacy in a Computer Age 

Publisher 

PRIVACY JOURNAL is published monthly. SUBSCRIPTIONS: $45 per year, $60 per year overseas. 
CIRCULATION MANAGER: Robin L. Emerson. ASSISTANT TO THE PUBLISHER: Terry Cowles. 
SUBSCRIPTIONS: $45 per year, $60 per year overseas. Six subscriptions submitted at one time for the same 
or different addresses: $200. Orders of $200 or more entitle the subscriber to a year of PRIVACY JOURNAL’S 
research service, which provides privacy-related materials and telephone information upon request. PRIVACY 
JOURNAL also publishes Compilation of State and Federal Privacy Laws, a 215-page book available for 
$12.50. PRIVACY JOURNAL is a copyright publication, not to be reproduced without permission. Other 
publications are welcome to reprint brief excerpts from the newsletter with appropriate credit to PRIVACY 
JOURNAL Offices at 13 7th St., S.E., Washington, D.C. 20003. MAILING ADDRESS: P.O. Box 8844, 
Washington, D.C. 20003 


r * 


- 3 - 











(Continued from page 3) 

government files. American law includes similar provisions. 

The privacy section of the act does have some potential for development. The 
minister designated as responsible for its implementation has to approve any new 
information banks created by government agencies. Regulations issued under the 
act can also provide "for the management and surveillance of records of any gov¬ 
ernment institution to promote the protection of individual privacy." 

One of the members of the Canadian Human Rights Commission has been designated 
as the Privacy Commissioner. He is Inger Hansen, Canada’s prison ombudsman. This 
individual can investigate violations of privacy by government information banks 
and report the findings to the government minister involved and to the complainant. 

The Privacy Commissioner is also required to make annual or special reports to 
Parliament. 

But the Privacy Commissioner cannot make final determinations. Government ministers 
retain ultimate responsibility to Parliament. In the role of ombudsman, the 
Privacy Commissioner can only publicize government noncompliance_j^ithhi^_ 
recommendations. This type of arrangement for a Privacy Commissioner has been em¬ 
ployed with some success in the West German state of Hesse. 

The extensive exemptions in the statute have attracted the strongest criticism. 

Data banks do not have to be listed in the annual index or opened to public access 
if there is any possibility of injury to national security or defense, international 
relations, federal-provincial relations, or a current criminal investigation. 

Secondly, there can be no access to a government information bank if there is a po¬ 
tential for injury to any of the interests listed above, or the risk of breach of 
information concerning another individual. There are additional exceptions in this 
category. 

Although it is obvious that exemptions must exist in some form, the Canadian 
legislation provides no recourse from "the opinion of the Minister," who makes the 
determination on access. There is no appeal to a court or to a quasi-judicial 
body. The Canadian Bar Association wanted the Privacy Commissioner to "have the 
absolute power to review all exemptions and to review the files which are the sub¬ 
ject of these exemptions." The association argued "that the exemptions contained 
in the bill are so broad that it is difficult to envision an example of a request 
that could not be denied." 

Minister of Justice Ron Basford has made t he s urprising statement that the pro¬ 
tections for privacy~~in the'Canadian Human Rights Act are more effective than those 
enjoyed by citizens of the United States. He argues that it is better to have 
elected ministers ultimately responsible for implementation rather than bureaucrats. 

But the American Privacy Act of 1974 provides for an appeal to the courts in the 
event that a citizen is denied access to personal information in the hands of the 
federal government. In addition, American civil servants work within the framework 
and spirit of a strong Freedom of Information Act which is in direct contrast to the 
prevailing mentality in Canada both among civil servants and responsible ministers. 

A strong Freedom of Information Act should be the next item on the government’s agenda 
for the protection of human rights. 

At the same time persons concerned with the protection of personal privacy in 
Canada should be grateful that the enacted version of the government's legislation 
was so much stronger than the original draft introduced in 1975. 


- 4 - 











(Continued from page 1) 

judge said that the CIA had entered the names of 1.5 million citizens into its 
computers after learning their identities from the mail opening program, which 
extended from 1953 to 1973. "The American people have already paid a considerable 
price for the CIA's illegal mail search activities," he said. The proposed De¬ 
partment of Justice letter of apology said mail openings without court approval 
had been discontinued and are considered now illegal and that this "will, to some 
extent, restore your trust in the integrity of our free institutions." Birnbaum 
v. U.S. , No 76-1837 (E.D.N.Y., Aug. 17, 1977). 

To a California psychiatrist, protecting an individual's right to privacy 
was worth spending three days in jail. Dr. George R. Caesar of Marin County 
refused to answer questions about the psychotherapy of one of his patients, in 
civil litigation she initiated to recover damages for two auto accidents. Cali¬ 
fornia law does not recognize patient-physician confidentiality when the patient 
commences civil litigation to which the psychotherapy relates. Caesar told the 
trial judge that to describe his patient's psychotherapy would result in harm 
to her. 

That was in 1972. Ever since then he has been under the custody of the 
county sheriff, although not confined. A federal appeals court upheld the Cali¬ 
fornia law and this year the U.S. Supreme Court declined to hear the case. Caesar 
v. Mountanos , No. 76-804, cert, denied April 4, 1977. Although the judge could 
have sentenced the doctor for much longer, Dr. Caesar served a three-day sentence 
for criminal contempt. And his communications with his patient remain confidential. 

The Church of Scientology has more than 2Q lawsuits against federal agencies 
including one for as much as $750 million. But in a letter to the FBI, church 
attorneys have now complained of an invasion of members' privacy and demanded 
from the FBI damages of just $6. The Scientologists said they caught two FBI 
agents sneaking into a church movie presentation through a kitchen at the Los 
Angeles Hilton Hotel. And they want to recover the $3 admission charge for each 
intruder. 

Agenda — Sen. Birch Bayh, D-Ind., has scheduled hearings Sept. 27-28 of his Senate 
Subcommittee on the Constitution to consider his S. 1845, which would prohibit 
a company engaged in interstate commerce from requiring a polygraph test as a 
condition of employment, unless the individual requests such a test without 
coercion. PRIVACY JOURNAL publisher Robert Ellis Smith will testify. 

The annual meeting of the Association of Records Managers and Administrators 
(P.0. Box 281, Bradford, R.I. 02808) will devote an all-day session on Oct. 3 
to federal legislation affecting criminal justice information systems, Hyatt 
Regency Hotel, Houston (further information from Peter M. McLellan, Seattle Police 
Department, 206/625-4461). * * * The following institutions are offering a 

two-day seminar on computer auditing and security this fall: Franklin University, 
Columbus, Ohio (614/224-6237, ext. 40), Sept. 14-15; Pacific Lutheran University, 
Seattle (206/531-6900), Sept 26-27; Stevens Institute of Technology, Hoboken, N.J. 
(201/792-2700, ext 423), Sept 29-30; University of Maryland Center for Management 
Development, College Park, Md. (301/454-5237), Oct. 6-7; and State University 
of New York at Buffalo (716/831-3843), Oct. 25-26. * * * The National Bureau of 
Standards, Gaithersburg, Md. (301/921-3427) has scheduled a Personal Computing 
Conference, Nov. 28. * * * At the 49th annual meeting of the American Medical 
Record Association Rep. Barry M. Goldwater Jr., R-Calif., and privacy consultant 
Alan F. Westin will speak on the confidentiality of patient records Peachtree 
Plaza Hotel, Atlanta, Oct. 16-21 (more information from the association, 312/ 
787-2672, 875 North Michigan Ave., Suite 1850, Chicago, Ill. 60611). 











AVAILABLE NOW FROM PRIVACY JOURNAL 


□ Compilation of State and Federal Privacy Laws, 215 pages $12.50 

□ Three-ring custom binder for back issues 7.00 

□ Your Rights to Your Records, a 25-page consumer guide 3.00 

□ Back issues to November 1974 75.00 

□ Back issues to November 1975 60.00 

□ Back issues to November 1976 45.00 

□ List of groups interested in privacy 1.00 

□ List of foreign groups interested in privacy 1.00 

□ Privacy Primer, a two-page explanation of the issue 1.00 


□ Bibliographies on various privacy subjects Write for price list 

Telephone orders accepted; orders of $10 or less should be prepaid 



In Germany — The need for stricter controls was made clear to the data protection commis- 
sioner in the State of Hesse when he discovered that out-of-date computer printouts 
had been passed on to a nursery school for the kids to use as drawing paper. Trouble 
is, the printouts included sensitive registration data about i-ndiviauaj—- 


The commissioner's job, the first in the world, was established in Hesse in 1970 
to monitor data collection about individuals. Now that the federal government in 
the Federal Republic of Germany has enacted privacy legislation, Hesse Commissioner 
Spiros Simitis has drafted model legislation for each Lander (state). Simitis would 
provide stricter consumer protections than the federal law, making any request for 
personal information voluntary unless authorized by a law on the books and imposing 
strict liability for any harm to an individual by computer managers. Simitis over¬ 
seas a mandatory registry of data banks that provides Hessian citizens an opportunity 
to see who is using what information. The commissioner's annual report, with his 
draft law, is available from Der Hessische Datenschutzbeauftragte, Postfach 3163, 

6200 Wiesbaden, West Germany. English summary of the report, plus Germany's federal 
privacy law affecting private and government data collection, is available for $12 
from PRIVACY JOURNAL. 



Simitis, a well-regarded university professor who has attacked the Hessian data pro¬ 
tection problem with gusto, is expected to be named federal data protection com¬ 
missioner, established by Germany's 1977 privacy law to oversee compliance with the 
law by federal agencies. His term is five years. 

Among the Lawyers — If you had criminal charges dismissed in the past and a new law 

passed since then allows you to expunge the jrecord^ your former .attorney, .does not _ 

have an affirmative duty to inform you, according to a new ethics opinion from the 
American Bar Association. It is not unethical for the attorney to take the iniative 
and inform you of the change. Informal opinion 1356 . * * * A lawyer should use 
due care to make sure that an outside data processing firm employed by him keeps 
client information confidential. Informal opinion 1364 . * * * The American Bar 

Association has begun making its membership list of 220,000 lawyers available to 
"reputable mailers." Attorneys are given the option of removing their names from 
lists that will be rented. 


Medical Records — The Medical Society of New York, Blue Cross/Blue Shield, the nursing 
and dental associations, professional standards review organizations and other up¬ 
state New York groups have met together to form a corporation that will accredit 
data centers handling personally identifiable medical data, to assure that they meet 
certain standards. The effort is organized by the Joint Task Group on Confidentiality^ 
of Computerized Medical Records, 462 Grider St., Buffalo, N.Y. 14215. The Medical 
Society of New York has endorsed the idea . The State Health Department and the Health 
Insurance Association of America will also participate. 


- 6 - 












The T axman's Files After the wholesale disclosure of tax returns during the Nixon 
Administration, critics of the Internal Revenue Service called it "the lending 
library.' So, the Tax Reform Act of 1976 required the service to tighten its 
procedures for handing out personally identifiable taxpayer information. Now, 
there's evidence that the IRS is more like a leaky boat. 


"IRS' security program does not assure confidentiality. Its security safeguards 
sasily be penetrated," the General Accounting Office, Congress' investi— 
gavative arm, says flatly in a report to the Joint Committee on Taxation. "Mag¬ 
netic tapes, each containing tax data on as many as 5,000 taxpayers, were not 
properly controlled and some could not be properly accounted for." The GAO said 
the problem is not so much release of information to third parties, but the many 
opportunities for IRS employees to have access to taxpayer information they do 
not need to know. For instance, IRS has a data retrieval system which computerizes 
records on about ten percent of all U.S. taxpayers so that nearly 19,000 employ¬ 
ees around the country can have instant access, via 4,000 display terminals, and 
can alter the recorded data. Security in this system has been lax and IRS has 
con trolling unauthorized access. IRS' Security Program Requires Im- 
fAo Report No. GGD-77-44,~July 11, 1977 ($1 from GAO Distribution 
Section, P.0. Box 1020, Washington, D.C. 20013). Meanwhile, the IRS is asking 
Congress for $851 million to build a computer network with data on all taxpayers 
accessible through 8300 terminals. Congress thus far has balked. An assistant 
tax com issioner said in response to complaints that the proposed system would 
threaten privacy, "We will learn from our experience with the old systems." 

^ ^iets “ One federal agency will provide you a mail list of prospective purchasers 
of silver dollars, but the Bureau of the Mint, which also sells coins, regards 
the release of such a list an invasion of privacy (which means under federal law 
it need not be released). Government lists of business addresses are generally 
released, but various agencies have inconsistent policies with regard to release 
of individual addresses. Court decisions are also inconsistent, according to a 
General Accounting Office letter to Rep. Charles A. Vanik, D-Ohio, Aug. 25. The 
Privacy Act prohibits agencies from selling or renting mail lists, but the Freedom 
Information Act requires disclosure of the lists unless to do so is "a clearly 
unwarranted invasion of personal privacy." 


PRIVACY JOURNAL, P.0. Box 8844, Washington, D.C. 20003 

□ Please send me PRIVACY JOURNAL for the next year at $45. 

□ Four yearly subscriptions (to the same or different addresses) $100. 

CD Overseas $60 per year. O Payment enclosed. O Bill me. 

Telephone orders accepted 202/547-2865. 

NAME____ 

ADDRESS ___ 

CITY--- STATE._ ZIP_ 

(Make check payable to Privacy Journal.) 

■ Computer Security ■ Credit Reporting ■ Mail Lists ■ School Records 

■ Surveillance ■ Medical Records ■ Driving Records ■ Crime Data Systems 

■ The Law of Privacy ■ Social Security Numbers H Tax Returns ■ Wiretaps polygraphs 




























Jus.t Published — "The impersonality of the computer and the fact that it symbolizes 
for so many a system of uncaring power tend not only to incite efforts to strike 
back at the machine but also to provide certain people with a set of convenient 
rationalizations for engaging in fraud or embezzlement.... Computer crime, to 
those who engage in it, is not like stealing a purse from an old lady," says a 
comprehensive two-part series on how and why computer systems are ripped off, 
"Annals of Crime," by Thomas Whiteside, The New Yorker , Aug. 22-29, 1977. The 
author, who wrote a definitive New Yorker piece on the consumer investigative 
industry, decribes the serious impact of criminal abuse of inventory, payroll, 
credit and financial systems. 


Data Protection Legislation , edited by Dammann, Mallmann and Simitis (approximately 
$22 from Kluwer-Publisher, Lincoln“Building, Suite 39, 160 Old Darby St., 

Hingham, Mass. 02043). This English-German book includes texts of the major 
federal laws and proposed legislation on data privacy in Europe and the U.S., 
compiled by the data protection commission in the German state of Hesse. Other 
1977 publications in the same series on electronic data processing are Zielfunktionen 
des Datenschutzes (Functions of Data Protection, mainly in the credit field) by 
Otto Mallmann (147 pages, approximately $13) and Die Knotrolle des Datenschutzes 
Control of Data ProtfectTohV "concerning Sie^use^oT oversight "bodies 


to control information gathering) by Ulrich Dammann (200 pages, approximately $17) 


Privacy and Security of Criminal History Information includes frequently asked 
questions and answers about the public's access to criminal history information 
in systems funded by the federal government (20 pages, free from National Criminal 
Justice Information and Statistics Service, Washington, D.C. 20531}. 

Johnny's Such a Bright Boy, What a Shame He's Retarded by Kate Long (361 pages, 

$10 from Houghton Miffin) decries the practice of labeling children based on 
their performances in school so that they remain in categories of retardation, 
impairment, dyslexia, etc., often in computerized information systems. * * * 
"Electronic surveillance does much harm and little good," says Taps, Bugs, and 
Fooling the People, by Herman Schwartz, a persuasive antidote to the 1976 report 
of the National Wiretap Commission (48 pages, free from The Field Foundation, 

100 East 85th St., New York, N.Y. 10028). * * * The Data Processing Security Game , 
by Robert S. Becker of IBM General Systems Division, who says, "DP security is 
a game," the security administrator is analogous to a football coach who deve¬ 
lops a strategy (103 pages, $5.95 from Pergamon Press, New York). 


(O 


PRIVACY JOURNAL 

Second class 



P 0. Box 8844 

postage paid 
at Wash. D.C. 

UKJ 

Washington, D.C.20003 



Theodor H. Nelson 
Box 3 

Schooleys Mountain, New Jersey 07870 

























